Page 1 of 1

How to use ncdns with RPC cookie on Linux?

Posted: Mon Mar 12, 2018 8:25 pm
by redblade7
Hi,

I am trying to set up ncdns on Linux with RPC cookie authentication (as on Windows), but am unable to:

1. Let's call the user/group of the Namecoin Core user nmcuser:nmcuser
2. I created a separate user/group for ncdns, let's call it ncdns:ncdns
3. I added user nmcuser to group ncdns
4. I created an /etc/ncdns folder, belonging to ncdns:ncdns, permissions 770.
5. The ncdns.conf is in this folder.
6. When running Namecoin Core with cookie authentication, the cookie is /etc/ncdns/.cookie

However, ncdns will not work, as the .cookie belongs to nmcuser:nmcuser and is marked 600.
It will work properly if ncdns is run as nmcuser:nmcuser, but I'd imagine that wouldn't be a good idea.

Is there someplace I need to put the cookie for this setup to work on Linux, or do I have to use username/password authentication instead?

Thank you!

Re: How to use ncdns with RPC cookie on Linux?

Posted: Thu Mar 15, 2018 3:19 pm
by biolizard89
redblade7 wrote:
Mon Mar 12, 2018 8:25 pm
Hi,

I am trying to set up ncdns on Linux with RPC cookie authentication (as on Windows), but am unable to:

1. Let's call the user/group of the Namecoin Core user nmcuser:nmcuser
2. I created a separate user/group for ncdns, let's call it ncdns:ncdns
3. I added user nmcuser to group ncdns
4. I created an /etc/ncdns folder, belonging to ncdns:ncdns, permissions 770.
5. The ncdns.conf is in this folder.
6. When running Namecoin Core with cookie authentication, the cookie is /etc/ncdns/.cookie

However, ncdns will not work, as the .cookie belongs to nmcuser:nmcuser and is marked 600.
It will work properly if ncdns is run as nmcuser:nmcuser, but I'd imagine that wouldn't be a good idea.

Is there someplace I need to put the cookie for this setup to work on Linux, or do I have to use username/password authentication instead?

Thank you!
This sounds like an issue in upstream Bitcoin Core. Can you check whether this issue exists in Bitcoin Core (and please include the version of Bitcoin Core that you test with)?

Re: How to use ncdns with RPC cookie on Linux?

Posted: Thu Mar 15, 2018 10:50 pm
by redblade7
biolizard89 wrote:
Thu Mar 15, 2018 3:19 pm
redblade7 wrote:
Mon Mar 12, 2018 8:25 pm
Hi,

I am trying to set up ncdns on Linux with RPC cookie authentication (as on Windows), but am unable to:

1. Let's call the user/group of the Namecoin Core user nmcuser:nmcuser
2. I created a separate user/group for ncdns, let's call it ncdns:ncdns
3. I added user nmcuser to group ncdns
4. I created an /etc/ncdns folder, belonging to ncdns:ncdns, permissions 770.
5. The ncdns.conf is in this folder.
6. When running Namecoin Core with cookie authentication, the cookie is /etc/ncdns/.cookie

However, ncdns will not work, as the .cookie belongs to nmcuser:nmcuser and is marked 600.
It will work properly if ncdns is run as nmcuser:nmcuser, but I'd imagine that wouldn't be a good idea.

Is there someplace I need to put the cookie for this setup to work on Linux, or do I have to use username/password authentication instead?

Thank you!
This sounds like an issue in upstream Bitcoin Core. Can you check whether this issue exists in Bitcoin Core (and please include the version of Bitcoin Core that you test with)?
I don't understand, you mean see if Bitcoin Core creates a cookie that's 600 and owned by the Bitcoin-Core-running user? What permissions should it have?

Re: How to use ncdns with RPC cookie on Linux?

Posted: Tue Mar 20, 2018 10:23 am
by biolizard89
redblade7 wrote:
Thu Mar 15, 2018 10:50 pm
biolizard89 wrote:
Thu Mar 15, 2018 3:19 pm
This sounds like an issue in upstream Bitcoin Core. Can you check whether this issue exists in Bitcoin Core (and please include the version of Bitcoin Core that you test with)?
I don't understand, you mean see if Bitcoin Core creates a cookie that's 600 and owned by the Bitcoin-Core-running user?
Yes. The cookie authentication code is part of Bitcoin Core; Namecoin Core doesn't have any patches against that code (as far as I'm aware). If Bitcoin Core's cookie file is always only accessible by the Bitcoin Core user, that seems like a bug that should be filed against Bitcoin Core.
redblade7 wrote:
Thu Mar 15, 2018 10:50 pm
What permissions should it have?
I don't know exactly what the "correct" behavior should be, but it seems to me that it should definitely be possible to configure Bitcoin Core to allow a subset of the users besides the user running Bitcoin Core to read the cookie file. The exact choice of how to configure this and what its behavior is, would be chosen by the Bitcoin Core developers, not us. (And I suspect they'll come up with a better policy than we would, since they have many more people doing peer review.)